In a previous blog post, I described how I bypassed the patch for the first fix for CVE-2018-15422. That bypass was also discovered by other researchers as well. You can check that out in Cisco’s updated advisory.
Now, WebExec was the name given to…
What is Penetration Testing?
Penetration testing is a direct test of an application, a device, a website, an organization, and even the people that work at an organization. It first involves attempting to identify and then attempting to exploit different security weaknesses that can…
As an exploit writer, one of my tasks consists of gathering common vulnerabilities and exposures (CVE) and all of the information related to them in order to design an exploit for Core Impact. As part of this process I stumbled across CVE-2018-15422: A…
These days it seems like there are security solutions for almost everything except, the one thing you can never fully secure - humans. But, while you can’t control everything they open or click on, you can control their access to your sensitive data.…
These days it seems like there are security solutions for almost everything except, the one thing you can never fully secure - humans. But, while you can’t control everything they open or click on, you can control their access to your sensitive data.…
Identity Governance and Administration is a complex and growing, set of solutions that are put in place to help your organization stay compliant with government or industry regulations and, perhaps more importantly, help secure your organization.
However, with every new solution, there are…
This week Core Access Insight (AI) was named as a leader in the KuppingerCole Leadership Compass for Access Governance and Intelligence. In addition, we’re proud to report the product was named as a leader in three categories – Product, Innovation, and Overall Leader…
When conducting a penetration test, most testers will develop some type of process, and repeat that same process on every engagement. As I think through the basics of penetration testing, I believe that process can be broken up into six steps. They are:
Information…
Here is the summary of all exploits released since April 2nd, the last Dot Release:
16 Updates overall
9 Remote exploits
4 Client-Side exploits
3 Product updates
Here is the list of published updates:
Remote Exploits:
Disk Pulse Enterprise GET Buffer Overflow Exploit
Disk Savvy Enterprise Buffer Overflow Exploit
DiskBoss Enterprise Buffer…
Identity Governance & Administration (IGA) is commonly defined as “the policy-based centralized orchestration of user identity management and access control. Identity governance helps support enterprise IT security and regulatory compliance.” Or put into simpler terms, it’s putting in place a solution to ensure that…